This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Building consensus over DNSSEC enhancements to glibc.


On 11/19/2015 09:24 AM, Florian Weimer wrote:
> On 11/19/2015 06:22 AM, Carlos O'Donell wrote:
>> Dare I say that systemd-resolved might solve some of this already?
> 
> Unfortunately, systemd-resolved caches far too aggressively and will
> poison its cache, even accidentally.  Various parties have tried to
> explain this to the upstream developers, but have not succeeded.
> systemd-resolved should be safe to run behind a BIND 9 recursive server
> in non-forwarding mode, but not much else (I believe even Unbound is
> unsafe due to its last-resort message handling).
> 
> systemd-resolved also does not handle exotic record types, I think, it
> is more an NSS-level solution than a libresolv-level solution.
> 
> (An earlier attempt in this direction is lwresd, which is part of BIND 9.)

Thanks for that summary. I wasn't sure and had not checked.

Cheers,
Carlos.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]